Bugtraq mailing list archives
Re: Security Info (root broken)
From: mark () netsys com (Mark)
Date: Sat, 8 Oct 1994 13:33:21 -0700 (PDT)
>> This was a new
>> install, and it lasted about 4 days. One person heard thru the cracker
>> grapevine that root was broken thru /bin/mail.

P> Did you happen to install the following, in particular 101436-02?

P> Solaris 1.1.1 Patches Containing Security Fixes:
P> ------------------------------------------------
P> 101436-02 SunOS 4.1.3_U1: bin/mail jumbo patch

This is the patch which made the race condition *easier* to exploit than it was in the unpatched version.
I don't know about you guys, but having used and proved all of the binmail exploit scripts, the quick and dirty fix for them is to put this in rc.local:

/bin/touch /usr/spool/mail/root
/bin/touch /usr/spool/mail/sysdiag
/bin/touch /usr/spool/mail/sundiag
/bin/touch /usr/spool/mail/[any other uid 0 acct]

It closes the need-a-root-owned-mbox problem. There are other additions for rc.local to close more bugs, but let's wait the usual six months :)

Cheers,
Mark
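An added example, not part of Mark's post: a POSIX sh check that reads the passwd file for every uid 0 account (covering the "[any other uid 0 acct]" line) and reports whether each one already has a mailbox file in the spool directory. The function names, the status words and the sample passwd entries in demo() are constructed for illustration.

```sh
#!/bin/sh
# Audit: does every uid 0 account already have a mailbox file in the spool?

# Print login names whose uid field is 0 (passwd: name:pw:uid:gid:...).
# Names starting with + or - are NIS include/exclude entries, not accounts.
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "" && $1 !~ /^[+-]/ { print $1 }' "${1:-/etc/passwd}"
}

# Print one "STATUS name" line per uid 0 account:
#   OK       a plain file exists (what the rc.local touch lines produce)
#   MISSING  nothing there, so the mailbox would be created at delivery time
#   NOTFILE  something other than a plain file sits at the mailbox path
audit_root_mailboxes() {
    passwd=${1:-/etc/passwd}
    spool=${2:-/usr/spool/mail}
    uid0_accounts "$passwd" | while read -r name; do
        mbox=$spool/$name
        if [ -f "$mbox" ] && [ ! -L "$mbox" ]; then
            echo "OK $name"
        elif [ ! -e "$mbox" ] && [ ! -L "$mbox" ]; then
            echo "MISSING $name"
        else
            echo "NOTFILE $name"
        fi
    done
}

# Constructed sample data (not from the post): three uid 0 accounts, one
# ordinary account, one NIS entry; only root's mailbox is a plain file.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/spool" "$d/spool/sundiag"
    cat > "$d/passwd" <<'EOF'
root:*:0:1:Operator:/:/bin/csh
sysdiag:*:0:1:System Diagnostic:/usr/diag/sysdiag:/bin/sh
sundiag:*:0:1:System Diagnostic:/usr/diag/sundiag:/bin/sh
daemon:*:1:1::/:
+::0:0:::
EOF
    : > "$d/spool/root"
    audit_root_mailboxes "$d/passwd" "$d/spool"
    rm -rf "$d"
}

# Run against real paths only when arguments are given: passwd-file spool-dir
if [ "$#" -gt 0 ]; then
    audit_root_mailboxes "$@"
fi
```

Any line that is not OK names an account the touch lines in rc.local do not yet cover.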